Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-14827 (GCVE-0-2018-14827)
Vulnerability from cvelistv5
Published
2018-09-20 20:00
Modified
2024-09-16 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION')
Summary
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | RSLinx Classic |
Version: 4.00.01 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RSLinx Classic",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "4.00.01 and prior"
}
]
}
],
"datePublic": "2018-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-20T19:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-20T00:00:00",
"ID": "CVE-2018-14827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RSLinx Classic",
"version": {
"version_data": [
{
"version_value": "4.00.01 and prior"
}
]
}
}
]
},
"vendor_name": "Rockwell Automation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14827",
"datePublished": "2018-09-20T20:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-16T19:14:30.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-14827\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2018-09-20T19:29:00.580\",\"lastModified\":\"2024-11-21T03:49:52.867\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality.\"},{\"lang\":\"es\",\"value\":\"Rockwell Automation RSLinx Classic en versiones 4.00.01 y anteriores. Un actor de amenaza remoto no autenticado podr\u00eda enviar de forma intencionada paquetes Ethernet/IP al puerto 44818, lo que provoca que la aplicaci\u00f3n del software deje de responder y se cierre inesperadamente. El usuario necesitar\u00e1 reiniciar el software para recuperar la funcionalidad.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:rslinx:*:*:*:*:classic:*:*:*\",\"versionEndIncluding\":\"4.00.01\",\"matchCriteriaId\":\"8A2F3687-1906-476D-9947-B4A02AAA1E24\"}]}]}],\"references\":[{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
}
}
ICSA-18-263-02
Vulnerability from csaf_cisa
Published
2018-09-20 00:00
Modified
2018-09-20 00:00
Summary
Rockwell Automation RSLinx Classic
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could crash the device being accessed or allow arbitrary code execution on the device.
Critical infrastructure sectors
Critical Manufacturing, Energy, Water and Wastewater Systems
Countries/areas deployed
Worldwide
Company headquarters location
United States
Recommended Practices
NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices
NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target these vulnerabilities.
{
"document": {
"acknowledgments": [
{
"organization": "Rockwell Automation",
"summary": "reporting these vulnerabilities to NCCIC"
},
{
"organization": "Tenable",
"summary": "reporting these vulnerabilities to NCCIC"
},
{
"names": [
"Younes Dragoni",
"Alessandro Di Pinto"
],
"organization": "Nozomi Networks",
"summary": "reporting these vulnerabilities to NCCIC"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could crash the device being accessed or allow arbitrary code execution on the device.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing, Energy, Water and Wastewater Systems",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-18-263-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-263-02.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-18-263-02 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-263-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Rockwell Automation RSLinx Classic",
"tracking": {
"current_release_date": "2018-09-20T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-18-263-02",
"initial_release_date": "2018-09-20T00:00:00.000000Z",
"revision_history": [
{
"date": "2018-09-20T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-18-263-02 Rockwell Automation RSLinx Classic"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 4.00.01",
"product": {
"name": "RSLinx Classic: Versions 4.00.01 and prior",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "RSLinx Classic"
}
],
"category": "vendor",
"name": "Rockwell Automation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-14829",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code.CVE-2018-14829 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14829"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation has released a new version of the software that can found at Rockwell Automation knowledgebase article KB 1075712",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075712"
},
{
"category": "mitigation",
"details": "Rockwell Automation also reports that users can disable Port 44818 if it is not utilized during system operation. For more details on how to disable the port and for Rockwell Automation\u0027s general security guidelines, please visit knowledgebase article KB 1075747 (login is required)",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075747"
},
{
"category": "mitigation",
"details": "Please see Rockwell Automation\u0027s industrial security advisory at the following location on their website for further details (login is required)",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075747"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2018-14821",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually restart the software to regain functionality.CVE-2018-14821 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14821"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation has released a new version of the software that can found at Rockwell Automation knowledgebase article KB 1075712",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075712"
},
{
"category": "mitigation",
"details": "Rockwell Automation also reports that users can disable Port 44818 if it is not utilized during system operation. For more details on how to disable the port and for Rockwell Automation\u0027s general security guidelines, please visit knowledgebase article KB 1075747 (login is required)",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075747"
},
{
"category": "mitigation",
"details": "Please see Rockwell Automation\u0027s industrial security advisory at the following location on their website for further details (login is required)",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075747"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2018-14827",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality.CVE-2018-14827 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14827"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation has released a new version of the software that can found at Rockwell Automation knowledgebase article KB 1075712",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075712"
},
{
"category": "mitigation",
"details": "Rockwell Automation also reports that users can disable Port 44818 if it is not utilized during system operation. For more details on how to disable the port and for Rockwell Automation\u0027s general security guidelines, please visit knowledgebase article KB 1075747 (login is required)",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075747"
},
{
"category": "mitigation",
"details": "Please see Rockwell Automation\u0027s industrial security advisory at the following location on their website for further details (login is required)",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075747"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
icsa-18-263-02
Vulnerability from csaf_cisa
Published
2018-09-20 00:00
Modified
2018-09-20 00:00
Summary
Rockwell Automation RSLinx Classic
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could crash the device being accessed or allow arbitrary code execution on the device.
Critical infrastructure sectors
Critical Manufacturing, Energy, Water and Wastewater Systems
Countries/areas deployed
Worldwide
Company headquarters location
United States
Recommended Practices
NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices
NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target these vulnerabilities.
{
"document": {
"acknowledgments": [
{
"organization": "Rockwell Automation",
"summary": "reporting these vulnerabilities to NCCIC"
},
{
"organization": "Tenable",
"summary": "reporting these vulnerabilities to NCCIC"
},
{
"names": [
"Younes Dragoni",
"Alessandro Di Pinto"
],
"organization": "Nozomi Networks",
"summary": "reporting these vulnerabilities to NCCIC"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could crash the device being accessed or allow arbitrary code execution on the device.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing, Energy, Water and Wastewater Systems",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-18-263-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-263-02.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-18-263-02 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-263-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Rockwell Automation RSLinx Classic",
"tracking": {
"current_release_date": "2018-09-20T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-18-263-02",
"initial_release_date": "2018-09-20T00:00:00.000000Z",
"revision_history": [
{
"date": "2018-09-20T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-18-263-02 Rockwell Automation RSLinx Classic"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 4.00.01",
"product": {
"name": "RSLinx Classic: Versions 4.00.01 and prior",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "RSLinx Classic"
}
],
"category": "vendor",
"name": "Rockwell Automation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-14829",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code.CVE-2018-14829 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14829"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation has released a new version of the software that can found at Rockwell Automation knowledgebase article KB 1075712",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075712"
},
{
"category": "mitigation",
"details": "Rockwell Automation also reports that users can disable Port 44818 if it is not utilized during system operation. For more details on how to disable the port and for Rockwell Automation\u0027s general security guidelines, please visit knowledgebase article KB 1075747 (login is required)",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075747"
},
{
"category": "mitigation",
"details": "Please see Rockwell Automation\u0027s industrial security advisory at the following location on their website for further details (login is required)",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075747"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2018-14821",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually restart the software to regain functionality.CVE-2018-14821 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14821"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation has released a new version of the software that can found at Rockwell Automation knowledgebase article KB 1075712",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075712"
},
{
"category": "mitigation",
"details": "Rockwell Automation also reports that users can disable Port 44818 if it is not utilized during system operation. For more details on how to disable the port and for Rockwell Automation\u0027s general security guidelines, please visit knowledgebase article KB 1075747 (login is required)",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075747"
},
{
"category": "mitigation",
"details": "Please see Rockwell Automation\u0027s industrial security advisory at the following location on their website for further details (login is required)",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075747"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2018-14827",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality.CVE-2018-14827 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14827"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation has released a new version of the software that can found at Rockwell Automation knowledgebase article KB 1075712",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075712"
},
{
"category": "mitigation",
"details": "Rockwell Automation also reports that users can disable Port 44818 if it is not utilized during system operation. For more details on how to disable the port and for Rockwell Automation\u0027s general security guidelines, please visit knowledgebase article KB 1075747 (login is required)",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075747"
},
{
"category": "mitigation",
"details": "Please see Rockwell Automation\u0027s industrial security advisory at the following location on their website for further details (login is required)",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075747"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
gsd-2018-14827
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-14827",
"description": "Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality.",
"id": "GSD-2018-14827"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-14827"
],
"details": "Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality.",
"id": "GSD-2018-14827",
"modified": "2023-12-13T01:22:38.255894Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-20T00:00:00",
"ID": "CVE-2018-14827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RSLinx Classic",
"version": {
"version_data": [
{
"version_value": "4.00.01 and prior"
}
]
}
}
]
},
"vendor_name": "Rockwell Automation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:rslinx:*:*:*:*:classic:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.00.01",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-14827"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-10-09T23:35Z",
"publishedDate": "2018-09-20T19:29Z"
}
}
}
ghsa-x977-8678-7c9x
Vulnerability from github
Published
2022-05-13 01:34
Modified
2022-05-13 01:34
Severity ?
VLAI Severity ?
Details
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality.
{
"affected": [],
"aliases": [
"CVE-2018-14827"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-20T19:29:00Z",
"severity": "HIGH"
},
"details": "Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality.",
"id": "GHSA-x977-8678-7c9x",
"modified": "2022-05-13T01:34:24Z",
"published": "2022-05-13T01:34:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14827"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
fkie_cve-2018-14827
Vulnerability from fkie_nvd
Published
2018-09-20 19:29
Modified
2024-11-21 03:49
Severity ?
Summary
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rockwellautomation | rslinx | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rockwellautomation:rslinx:*:*:*:*:classic:*:*:*",
"matchCriteriaId": "8A2F3687-1906-476D-9947-B4A02AAA1E24",
"versionEndIncluding": "4.00.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality."
},
{
"lang": "es",
"value": "Rockwell Automation RSLinx Classic en versiones 4.00.01 y anteriores. Un actor de amenaza remoto no autenticado podr\u00eda enviar de forma intencionada paquetes Ethernet/IP al puerto 44818, lo que provoca que la aplicaci\u00f3n del software deje de responder y se cierre inesperadamente. El usuario necesitar\u00e1 reiniciar el software para recuperar la funcionalidad."
}
],
"id": "CVE-2018-14827",
"lastModified": "2024-11-21T03:49:52.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-20T19:29:00.580",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cnvd-2019-09766
Vulnerability from cnvd
Title: Rockwell Automation RSLinx Classic拒绝服务漏洞(CNVD-2019-09766)
Description:
Rockwell Automation RSLinx Classic是美国罗克韦尔(Rockwell Automation)公司的一套工厂通信解决方案。该方案支持通过Allen-Bradley可编程控制器访问Rockwell Software和Allen-Bradley应用程序等。
Rockwell Automation RSLinx Classic 4.00.01及之前版本中存在拒绝服务漏洞,远程攻击者可通过向44818端口发送特制的Ethernet/IP数据包利用该漏洞造成应用程序停止响应并造成其崩溃。
Severity: 中
Patch Name: Rockwell Automation RSLinx Classic拒绝服务漏洞(CNVD-2019-09766)的补丁
Patch Description:
Rockwell Automation RSLinx Classic是美国罗克韦尔(Rockwell Automation)公司的一套工厂通信解决方案。该方案支持通过Allen-Bradley可编程控制器访问Rockwell Software和Allen-Bradley应用程序等。
Rockwell Automation RSLinx Classic 4.00.01及之前版本中存在拒绝服务漏洞,远程攻击者可通过向44818端口发送特制的Ethernet/IP数据包利用该漏洞造成应用程序停止响应并造成其崩溃。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
厂商已发布了漏洞修复程序,请及时关注更新: https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075712
Reference: https://nvd.nist.gov/vuln/detail/CVE-2018-14827
Impacted products
| Name | Rockwall Automation RSLinx Classic <=4.00.01 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-14827"
}
},
"description": "Rockwell Automation RSLinx Classic\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u4e00\u5957\u5de5\u5382\u901a\u4fe1\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u652f\u6301\u901a\u8fc7Allen-Bradley\u53ef\u7f16\u7a0b\u63a7\u5236\u5668\u8bbf\u95eeRockwell Software\u548cAllen-Bradley\u5e94\u7528\u7a0b\u5e8f\u7b49\u3002\n\nRockwell Automation RSLinx Classic 4.00.01\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u541144818\u7aef\u53e3\u53d1\u9001\u7279\u5236\u7684Ethernet/IP\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u5e94\u7528\u7a0b\u5e8f\u505c\u6b62\u54cd\u5e94\u5e76\u9020\u6210\u5176\u5d29\u6e83\u3002",
"discovererName": "unknown",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075712",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-09766",
"openTime": "2019-04-12",
"patchDescription": "Rockwell Automation RSLinx Classic\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u4e00\u5957\u5de5\u5382\u901a\u4fe1\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u652f\u6301\u901a\u8fc7Allen-Bradley\u53ef\u7f16\u7a0b\u63a7\u5236\u5668\u8bbf\u95eeRockwell Software\u548cAllen-Bradley\u5e94\u7528\u7a0b\u5e8f\u7b49\u3002\r\n\r\nRockwell Automation RSLinx Classic 4.00.01\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u541144818\u7aef\u53e3\u53d1\u9001\u7279\u5236\u7684Ethernet/IP\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u5e94\u7528\u7a0b\u5e8f\u505c\u6b62\u54cd\u5e94\u5e76\u9020\u6210\u5176\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Rockwell Automation RSLinx Classic\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2019-09766\uff09\u7684\u8865\u4e01",
"products": {
"product": "Rockwall Automation RSLinx Classic \u003c=4.00.01"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-14827",
"serverity": "\u4e2d",
"submitTime": "2018-09-21",
"title": "Rockwell Automation RSLinx Classic\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2019-09766\uff09"
}
var-201809-0160
Vulnerability from variot
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality. The solution supports access to Rockwell Software and Allen-Bradley applications via Allen-Bradley programmable controllers. A stack-based buffer-overflow vulnerability. 2. A heap-based buffer-overflow vulnerability. 3. A denial-of-service vulnerability. Attackers can exploit these issues to execute arbitrary code, obtain sensitive information or cause the affected application to crash
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0160",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rslinx",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "4.00.01"
},
{
"model": "rslinx classic",
"scope": "lte",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "4.00.01"
},
{
"model": "automation rslinx classic",
"scope": "lte",
"trust": 0.6,
"vendor": "rockwall",
"version": "\u003c=4.00.01"
},
{
"model": "rslinx",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "4.00.01"
},
{
"model": "automation rslinx classic",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "4.00.01"
},
{
"model": "automation rslinx classic",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "3.90.01"
},
{
"model": "automation rslinx classic",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "3.73.00"
},
{
"model": "automation rslinx classic",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "3.72.00"
},
{
"model": "automation rslinx classic",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "1.0.5.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "rslinx",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5b48244a-d5d3-4be0-aa54-a054132fcf9e"
},
{
"db": "CNVD",
"id": "CNVD-2019-09766"
},
{
"db": "BID",
"id": "108501"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010788"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-949"
},
{
"db": "NVD",
"id": "CVE-2018-14827"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:rockwellautomation:rslinx_classic",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010788"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenable and Younes Dragoni and Alessandro Di Pinto of Nozomi Networks",
"sources": [
{
"db": "BID",
"id": "108501"
}
],
"trust": 0.3
},
"cve": "CVE-2018-14827",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14827",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-09766",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "5b48244a-d5d3-4be0-aa54-a054132fcf9e",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-125025",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14827",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14827",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-14827",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-09766",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-949",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "5b48244a-d5d3-4be0-aa54-a054132fcf9e",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-125025",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5b48244a-d5d3-4be0-aa54-a054132fcf9e"
},
{
"db": "CNVD",
"id": "CNVD-2019-09766"
},
{
"db": "VULHUB",
"id": "VHN-125025"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010788"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-949"
},
{
"db": "NVD",
"id": "CVE-2018-14827"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality. The solution supports access to Rockwell Software and Allen-Bradley applications via Allen-Bradley programmable controllers. A stack-based buffer-overflow vulnerability. \n2. A heap-based buffer-overflow vulnerability. \n3. A denial-of-service vulnerability. \nAttackers can exploit these issues to execute arbitrary code, obtain sensitive information or cause the affected application to crash",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14827"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010788"
},
{
"db": "CNVD",
"id": "CNVD-2019-09766"
},
{
"db": "BID",
"id": "108501"
},
{
"db": "IVD",
"id": "5b48244a-d5d3-4be0-aa54-a054132fcf9e"
},
{
"db": "VULHUB",
"id": "VHN-125025"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14827",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-263-02",
"trust": 2.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-949",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-09766",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010788",
"trust": 0.8
},
{
"db": "BID",
"id": "108501",
"trust": 0.3
},
{
"db": "IVD",
"id": "5B48244A-D5D3-4BE0-AA54-A054132FCF9E",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-125025",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5b48244a-d5d3-4be0-aa54-a054132fcf9e"
},
{
"db": "CNVD",
"id": "CNVD-2019-09766"
},
{
"db": "VULHUB",
"id": "VHN-125025"
},
{
"db": "BID",
"id": "108501"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010788"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-949"
},
{
"db": "NVD",
"id": "CVE-2018-14827"
}
]
},
"id": "VAR-201809-0160",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5b48244a-d5d3-4be0-aa54-a054132fcf9e"
},
{
"db": "CNVD",
"id": "CNVD-2019-09766"
},
{
"db": "VULHUB",
"id": "VHN-125025"
}
],
"trust": 1.5666666999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "5b48244a-d5d3-4be0-aa54-a054132fcf9e"
},
{
"db": "CNVD",
"id": "CNVD-2019-09766"
}
]
},
"last_update_date": "2024-11-23T21:52:50.693000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RSLinx",
"trust": 0.8,
"url": "https://www.rockwellautomation.com/rockwellsoftware/products/rslinx.page"
},
{
"title": "Patch for Rockwell Automation RSLinx Classic Denial of Service Vulnerability (CNVD-2019-09766)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/158513"
},
{
"title": "Rockwell Automation RSLinx Classic Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85064"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-09766"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010788"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-949"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125025"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010788"
},
{
"db": "NVD",
"id": "CVE-2018-14827"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-263-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14827"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14827"
},
{
"trust": 0.3,
"url": "https://www.rockwellautomation.com/en_in/overview.page"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-09766"
},
{
"db": "VULHUB",
"id": "VHN-125025"
},
{
"db": "BID",
"id": "108501"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010788"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-949"
},
{
"db": "NVD",
"id": "CVE-2018-14827"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5b48244a-d5d3-4be0-aa54-a054132fcf9e"
},
{
"db": "CNVD",
"id": "CNVD-2019-09766"
},
{
"db": "VULHUB",
"id": "VHN-125025"
},
{
"db": "BID",
"id": "108501"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010788"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-949"
},
{
"db": "NVD",
"id": "CVE-2018-14827"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-12T00:00:00",
"db": "IVD",
"id": "5b48244a-d5d3-4be0-aa54-a054132fcf9e"
},
{
"date": "2019-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-09766"
},
{
"date": "2018-09-20T00:00:00",
"db": "VULHUB",
"id": "VHN-125025"
},
{
"date": "2018-09-20T00:00:00",
"db": "BID",
"id": "108501"
},
{
"date": "2018-12-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010788"
},
{
"date": "2018-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-949"
},
{
"date": "2018-09-20T19:29:00.580000",
"db": "NVD",
"id": "CVE-2018-14827"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-09766"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-125025"
},
{
"date": "2018-09-20T00:00:00",
"db": "BID",
"id": "108501"
},
{
"date": "2018-12-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010788"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-949"
},
{
"date": "2024-11-21T03:49:52.867000",
"db": "NVD",
"id": "CVE-2018-14827"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-949"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell Automation RSLinx Classic Vulnerabilities related to resource exhaustion",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010788"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "5b48244a-d5d3-4be0-aa54-a054132fcf9e"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-949"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…